Fix bug: Subtitle was not escaped

author: Christian Weiske <cweiske@cweiske.de> 2011-08-17 18:24:26 +0200
committer: Christian Weiske <cweiske@cweiske.de> 2011-08-17 18:24:26 +0200
commit: 880b94498ab07edc0990af183c2491b89eefe066 (patch)
tree: c1d32acf9cc80f6d43705fcc44f30251cbf8adcd
parent: 196db46097a8e7bdce478c5c8559d3ecf0529114 (diff)
download: semanticscuttle-880b94498ab07edc0990af183c2491b89eefe066.tar.gz
semanticscuttle-880b94498ab07edc0990af183c2491b89eefe066.tar.bz2
2 files changed, 2 insertions, 1 deletions
diff --git a/data/templates/default/top.inc.php b/data/templates/default/top.inc.php
index 17ec982..f2adba4 100644
--- a/data/templates/default/top.inc.php
+++ b/data/templates/default/top.inc.php
@@ -49,7 +49,7 @@ if(!isset($_GET['popup'])) {
 
 <?php
 if (isset($subtitle)) {
-	echo '<h2>'. $subtitle ."</h2>\n";
+	echo '<h2>'. htmlspecialchars($subtitle) ."</h2>\n";
 }
 if(DEBUG_MODE) {
 	echo '<p class="error">'. T_('Admins, your installation is in "Debug Mode" ($debugMode = true). To go in "Normal Mode" and hide debugging messages, change $debugMode to false into config.php.') ."</p>\n";
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 1c5f36f..05a6405 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -6,6 +6,7 @@ ChangeLog for SemantiScuttle
 0.98.4 - 2011-XX-XX
 -------------------
 - Fix bug: URLs were escaped too often in bookmark list
+- Fix bug: Subtitle was not escaped
 
 
 0.98.3 - 2011-08-09
author	Christian Weiske <cweiske@cweiske.de>	2011-08-17 18:24:26 +0200
committer	Christian Weiske <cweiske@cweiske.de>	2011-08-17 18:24:26 +0200
commit	880b94498ab07edc0990af183c2491b89eefe066 (patch)
tree	c1d32acf9cc80f6d43705fcc44f30251cbf8adcd
parent	196db46097a8e7bdce478c5c8559d3ecf0529114 (diff)
download	semanticscuttle-880b94498ab07edc0990af183c2491b89eefe066.tar.gz semanticscuttle-880b94498ab07edc0990af183c2491b89eefe066.tar.bz2